First page Back Continue Last page Overview Text


I'm going to pick on the delegating example I showed earlier for an example of unsafe metaprogramming.

In general, anytime you use eval with a string created by interpolating arguments, you need to be sure that the string created is valid ruby code.

Now, for most cases, this will work just fine. But take a few seconds to look at this method and see if you can spot some safety issues.

(10 secs) Alright, let's consider what happens if name contains a character valid in a method name, but not valid in a literal, such as a space?